[resolved] Password Required when none should be

After upgrading to 2.7 over the last weekend, any user attempting to reach the “recordings” (http://freepbxipdaaress/recordings) gets the login/password box for system maintenance. Clicking “Cancel” then brings up the voicemail login page. Users may then enter their extension number and password and proceed as normal except every time they click on something on the page, the password request comes back up. Again clicking on the “Cancel” button allows them to proceed.

They’re not locked out, but it is somewhat annoying.

Is this a setting or configuration issue, or is it a bug that needs to be reported?

I think it has something to do with the frog image in the upper left hand corner of the page. Looks like it is stored in a protected area.

Thanks
Bill/W5WAF

I too have this problem on an upgraded system. There was a previous fix on this issue. I made sure that a copy of the logo exists in the recordings image directory and that did not fix it.

I have not had an opportunity to dig through the http logs and figure out what is going on.

What distro do you run? Look for a .htaccess file in /var/www/html/recordings. There should be none (imho).
What happens if you go to http://“your ip”/recordings/ directly?

The system I am having the issues on is a bare-bones CentOS/Asterisk/FreePBX.

There is no .htaccess file in any directory off /var/www/html/recordings and my little web front end does go directly to recordings (not launching it within FreePBX).

The only reason I am bringing this up on the FreePBX forum is because the problem started after a 2.7 upgrade.

The really odd thing is it is also happening on a 2.5 system that has been running for a year and has not been updated. I thought it was my issue until this post.

I will keep poking at it and let you know what I found out. The users on the 2.5 system are putting much pressure on me to resolve.

My original install was a TRIXBOX, but I “untrixed” it several years ago. I get the password request even when we go directly to “recordings”. There is NO .htaccess in the directory.

Bill/W5WAF

Hmm, that is strange, what “realm” do you get?
Have you tried to clear all cookies for the ip/domain that your pbx has?
Any errors in apache error_log?

No Errors in error log. Cookies are clear. The Realm, I believe, is “Restricted Area”

BF

Check your apache config files in /etc/httpd/conf and /etc/httpd/conf.d for includes of additional config files. I think that trixbox did include one in /etc/pbx.

That auth is from apache, so it is there you should look for something like:

AuthType Basic
AuthName "Restricted Area"

Ok:

I found an include file with the following:

#Password protect /var/www/html/admin
[Directory /var/www/html/admin]
AuthType Basic
AuthName "Secure Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require user wwwadmin maint
[/Directory]

#Password protect /var/www/html/maint
[Directory /var/www/html/maint]
AuthType Basic
AuthName "Restricted"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require user maint
[/Directory]

PLEASE NOTE THAT I HAD TO CHANGE THE < & > to [ & ] SO IT WOULD DISPLAY PROPERLY IN THE POST

You’ll notice that I changed the 1st AuthName to “Secure Area” and the 2nd to Simply “Restricted”.

Now when I get the login request, the Realm Shows “Secure Area” which indicates that the first half is causing the problem.

I REMed out the first half and the request for a login went away, even for maintenance.

That’s no good, so I unREMmed it.

The way I see it, the only html directory which should be affected is the admin, but right now, that directive is affecting all of the subdirectories in the html root.

BF

Bill, this is puzzling me. I have gone through the code from 2.5 to 2.7 and we don’t supply any files that affect apache other than the standard .htaccess in modules directory.

There must be some kind of configuration error for apache. Did you just upgrade FreePBX 2.5 to 2.7? No yum update?

Just did the update from 2.6 to 2.7 with the update tool.

BF

Bill, change apache LogLevel to debug (/etc/httpd/conf/httpd.conf), stop apache, move error_log and access_log to backup, start apache, clear browser cache then try again. If you get the error, revert logging and look through the log files for any clue where it is picking up auth.

Changing log level to debug showed nothing. I’ll dig into it further, though, but have to leave the office now. Got a 5:15 commitment.

Thanks for your help.

BF

I’m having the same issue.
I just installed the newest PBX in a Flash build, with their Orgasmatron 5.2 installer (http://nerdvittles.com/?p=675), and I then updated FreePBX to 2.7.
Anything I can do to fix this?
Thanks!

I’ve tried about 100 different combinations in the httpd.conf and an .htaccess file in the recordings directory. The best I can tell is that the configuration requiring a password for the maint directory is somehow affecting the recordings directory. I’m at a loss!

Whatever happened was coincidental with the 2.7 upgrade, but this is puzzling.

Any additional ideas will be appreciated. Meanwhile…I’ll keep plugging at it!

Thanks
Bill/W5WAF

Found the problem:

The images are stored in the:

admin/images/

directory.

The admin directory is password protected. Anytime a request is made for an image, the login and password must be entered to retrieve the image.

Apparently in 2.7 there was a change to the image storage that affected some boxes.

Bill/W5WAF

Here’s a possible fix:

In the httpd.conf file add the following:

<Directory "/var/www/html/admin/images">
AllowOverride None
Order allow,deny
Allow from all
</Directory>

Restart the apache server.

Let me know if this works.

Bill/W5WAF
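
The inheritance diagnosed in the two posts above, as an added example (not code from the thread or from FreePBX): a simplified Python model of how plain `<Directory>` sections merge, run on a constructed copy of the quoted admin block with real angle brackets. The `IMAGES_OVERRIDE` block and its `Satisfy Any` line are assumptions for Apache 2.2; `.htaccess`, `<Location>` and `Deny` rules are not modelled.

```python
import re

# Constructed sample: the admin block from the include quoted in the thread,
# written with real angle brackets.
SAMPLE_CONF = '''
<Directory /var/www/html/admin>
AuthType Basic
AuthName "Secure Area"
AuthUserFile /usr/local/apache/passwd/wwwpasswd
Require user wwwadmin maint
</Directory>
'''

# Assumed Apache 2.2 override: "Satisfy Any" is not in the thread's snippet.
IMAGES_OVERRIDE = '''
<Directory "/var/www/html/admin/images">
Order allow,deny
Allow from all
Satisfy Any
</Directory>
'''

SECTION = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>(.*?)</Directory>', re.S | re.I)

def parse_sections(conf):
    """Return [(directory, {directive: args})] for each plain <Directory> block."""
    sections = []
    for path, body in SECTION.findall(conf):
        directives = {}
        for line in body.splitlines():
            name, _, args = line.strip().partition(' ')
            if name and not name.startswith('#'):
                directives[name.lower()] = args.strip().strip('"')
        sections.append((path.rstrip('/'), directives))
    return sections

def effective_auth(conf, fs_path):
    """Merge matching sections shortest path first, as Apache does, and return
    the realm that will prompt for fs_path, or None if no login is needed."""
    merged = {}
    for path, directives in sorted(parse_sections(conf), key=lambda s: len(s[0])):
        if fs_path == path or fs_path.startswith(path + '/'):
            merged.update(directives)
    if 'require' not in merged:
        return None
    # Default is "Satisfy All": host access AND login. "Satisfy Any" with an
    # open Allow lets the host rule alone grant access, so no prompt appears.
    lifted = (merged.get('satisfy', '').lower() == 'any'
              and merged.get('allow', '').lower() == 'from all')
    return None if lifted else merged.get('authname')
```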

Not really sure where to put it…
Any chance someone can upload a fixed httpd.conf file somewhere, so I can try it?
And what’s the command to restart the apache server?

The httpd.conf is in the:

/etc/httpd/conf

directory.

You can put that code snippet anywhere, but for convenience, look to see if there are any similar directives in the conf file and put it just before or after it.

Also make sure your images are stored the same place as mine. If you right click on the frog and click on properties, under location you’ll get something like:

http://YourIPAddress/admin/images/freepbx.png

This tells you the location of the “frog” file. Disregard the part of the address that is specific to your server { the http://YourIPAddress}.

You don’t need to worry about the png file. So what you’re left with is the middle part. In the above example that’s “/admin/images/”

The root of the html directory is probably “/var/www/html”. So the directory you want to free up is /var/www/html/admin/images.

Hope that’s not too confusing.

To Restart your server use one of the following commands from the linux command line:

service httpd restart or
/etc/init.d/httpd restart

This issue was brought up to me a few weeks ago and I diagnosed it down to the http basic authentication for the admin directory as well.

Since it was an old trixbox system I didn’t look any further, I just suggested they change to database authentication to remove the problem.

However, I just checked SVN for changes to the images directory and saw nothing. Has anyone tracked down a log entry to what is being accessed there that was not before? All the modules have options to add images to that directory (auto-linked through retrieve_conf). However, nothing new at all comes to mind in 2.7 that would have started using something there. Especially with ARI since I don’t believe any changes were done to it in 2.7???